>
> Now if this proposed wg can find a way for me to recognized spoofed
> packets when they enter my networks without cooperation from the source
> and intermediate networks, I'm all ears.
>
Iljitsch,
Would it be useful if upstream networks that validated source addresses
somehow signed* the packet? If they did that, when the packet enters
your network, you will know which packets come with an assurance of
source address validity from the upstream network.
Ron
* Don't read too much into the word "sign". We may not be talking about
cryptographic strong authentication of every packet.
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
